
56 matches found

Vulnrichment
added 2025/04/24 4:08 p.m. | 5 views

CVE-2025-39379 WordPress Capturly plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Capturly Capturly allows PHP Local File Inclusion. This issue affects Capturly: from n/a through 2.0.1...

CVSS 7.5 | AI score 7.7 | EPSS 0.02696
Exploits: 0 | References: 1

CNNVD
added 2025/04/09 12:00 a.m. | 4 views

Drupal security vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from vulnerability to cross-site request forgery attacks...

CVSS 5.4 | AI score 6.6 | EPSS 0.00296
Exploits: 0 | References: 2

Cvelist
added 2025/04/04 3:58 p.m. | 10 views

CVE-2025-32156 WordPress Just Post Preview Widget plugin <= 1.1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Prokopenko / JustCoded Just Post Preview Widget just-post-preview allows PHP Local File Inclusion. This issue affects Just Post Preview Widget: from n/a through <= 1.1.1...

CVSS 7.5 | EPSS 0.01855
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/26 2:35 p.m. | 3 views

CVE-2025-27015 WordPress Hostiko Theme < 30.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in designingmedia Hostiko hostiko allows PHP Local File Inclusion. This issue affects Hostiko: from n/a through 30.1...

CVSS 7.5 | AI score 7.2 | EPSS 0.00458
Exploits: 0 | References: 1

Cvelist
added 2025/03/26 2:24 p.m. | 11 views

CVE-2025-23952 WordPress Custom Field List Widget Plugin <= 1.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File Inclusion. This issue affects custom-field-list-widget: from n/a through <= 1.5.1...

CVSS 8.1 | EPSS 0.00661
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/10 2:34 p.m. | 3 views

CVE-2025-26933 WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through <=...

CVSS 7.5 | AI score 8.7 | EPSS 0.01131
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/25 2:17 p.m. | 4 views

CVE-2025-26979 WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.9.0...

CVSS 7.5 | AI score 8.7 | EPSS 0.00447
Exploits: 0 | References: 1

CVE
added 2025/01/09 3:39 p.m. | 52 views

CVE-2025-22508

CVE-2025-22508: FAT Event Lite for WordPress suffers an unauthenticated Local File Inclusion due to improper control of the filename used in PHP include/require. Affected: FAT Event Lite versions up to 1.1. Exploitation details are not provided in the initial document, but the issue is confirmed...

CVSS 8.1 | AI score 7.2 | EPSS 0.02065
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/07 2:57 p.m. | 5 views

CVE-2024-53800 WordPress Rezgo Online Booking plugin <= 4.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in rezgo Rezgo rezgo allows PHP Local File Inclusion. This issue affects Rezgo: from n/a through <= 4.17...

CVSS 8.1 | AI score 7.3 | EPSS 0.06085
Exploits: 0 | References: 1

Redos
added 2024/10/15 12:00 a.m. | 13 views

ROS-20241015-15

A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected information...

CVSS 8.8 | AI score 7.8 | EPSS 0.02711
Exploits: 5

Redos
added 2024/08/20 12:00 a.m. | 7 views

ROS-20240820-15

A vulnerability in the filter_var function of the PHP programming language interpreter is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to spoof URLs with erroneous data...

CVSS 5.3 | AI score 5.4 | EPSS 0.03579
Exploits: 1

Redos
added 2024/08/16 12:00 a.m. | 7 views

ROS-20240816-15

A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. Exploitation...

CVSS 6.5 | AI score 7 | EPSS 0.08698
Exploits: 0

Redos
added 2023/04/18 12:00 a.m. | 21 views

ROS-20230418-02

A vulnerability in the PHP programming language is related to the kernel's path resolution function, which allocates a buffer one byte less than necessary. If paths are resolved with a length close to the MAXPATHLEN system parameter, this can cause the byte after the allocated buffer to be...

CVSS 8.1 | AI score 6.7 | EPSS 0.00436
Exploits: 1

NVD
added 2022/04/13 9:15 p.m. | 17 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS 8.8 | EPSS 0.00211
Exploits: 0 | References: 6

CNNVD
added 2021/03/03 12:00 a.m. | 2 views

Sourcecodesterk Doctor Appointment System SQL injection vulnerability

Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL blind injection vulnerability exists in contactus.php in Doctor Appointment System 1.0. An attacker can exploit this vulnerability to insert malicious SQL queries via the firstname parameter...

CVSS 7.5 | AI score 5.9 | EPSS 0.26603
Exploits: 3 | References: 4

RedHat Linux
added 2020/09/08 10:06 a.m. | 1 view

php: NULL pointer dereference in PHP session upload progress

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does...

CVSS 7.5 | AI score 7.3 | EPSS 0.01213
Exploits: 1 | References: 4

Tenable Nessus
added 2020/08/03 12:00 a.m. | 29 views

Debian DLA-2306-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

CVSS 7.5 | AI score 6.8 | EPSS 0.04933
Exploits: 1 | References: 4

Tenable Nessus
added 2020/06/12 12:00 a.m. | 26 views

Debian DLA-2244-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

CVSS 7.5 | AI score 6.8 | EPSS 0.04933
Exploits: 1 | References: 4

The Hacker News
added 2020/05/11 7:11 p.m. | 104 views

An Undisclosed Critical Vulnerability Affects vBulletin Forums — Patch Now

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any informatio...

CVSS 9.8 | AI score 0.7 | EPSS 0.9382
Exploits: 13

The Hacker News
added 2019/09/06 11:12 a.m. | 142 views

Multiple Code Execution Flaws Found In PHP Programming Language

Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext...

CVSS 9.8 | AI score 2.2 | EPSS 0.00537
Exploits: 0